Losses from fraud total about 5% of annual revenues for the typical
company. Employee tips are the primary way companies learn about
internal fraud, with more than 40% of fraud identified via
whistleblowing, according to the Association of Certified Fraud
Examiners’ 2014 Report to the Nations on Occupational Fraud and
Abuse. From the 2002 passage of the Sarbanes-Oxley Act (SOX), P.L.
107-204, to the 2010 passage of the Dodd-Frank Wall Street Reform and
Consumer Protection Act, P.L. 111-203, much emphasis has been placed
on increasing employees’ willingness to blow the whistle on fraud.
Companies that maximize their employees’ willingness to report fraud
in-house position themselves to learn about problems before they
become bigger issues—and before employees feel the need to report them
outside of the organization.

In an effort to curb fraud, companies have instituted third-party
administration of ethics hotlines, and the follow-up of fraud
complaints by internal audit and the audit committee. However, recent
research, detailed in this article, reveals several counterintuitive
aspects of whistleblowing, showing that a company’s fraud reporting
programs can be implemented in a way that actually decreases
employees’ willingness to report fraud. This article looks at actions
organizations can take to avoid inadvertently discouraging fraud
reporting and instead promote whistleblowing.

Third-party administrators of hotlines

Using third-party administrators to oversee hotlines is considered a
“best practice” that companies use to encourage whistleblowing (see
“Fraud Hotlines: Don’t Miss That Call,” JofA, Aug. 2013, page
32). An effective third-party setup typically includes a case
management system that allows an administrator to track the complaint.
From the employer’s perspective, the ability to ensure employee
anonymity is one of the most important perceived benefits. But does
the promise of anonymity actually encourage employees to use hotlines?

A 2009 study based on interviews of more than 90 managers and
published in Auditing: A Journal of Practice & Theory,
found that employees are more hesitant to report possible fraud to
“outsiders” as opposed to using internal company reporting programs
and resources, even if those internal programs don’t follow “best
practices” similar to the external hotlines. This is, according to the
study, because employees prefer to report wrongdoing to the
organization rather than to outsiders. While hotlines run by
third-party administrators are still “internal” to the organization,
employees often view these external resources as reporting outside of
the organization because the hotlines are not maintained by company employees.

What can companies do?Companies often want to retain the
use of an external reporting system, such as a hotline administered by
a third party, rather than bringing the reporting system in-house.
Hotlines maintained by third parties may be more cost-effective and
may offer whistleblowing reporting “best practices,” but corporations
that use a third-party administrator should ensure that the following
is occurring:

The hotline should be perceived as part of the company rather
than as something “separate” from or outside of the
organization.

Employees need to believe that using the
external reporting mechanism is the company’s preferred way of
reporting. Periodic reminders should be sent to employees to
reinforce the use of the reporting mechanism.

The hotline
name and literature should make it clear that employees can call
with any questions on ethical behavior. Research conducted by the
Ethical Leadership Group and cited in an article on the Santa Clara
University website showed that channels named “Hotline” or “Alert
Line” receive about four calls per year per 1,000 employees, while
lines with names such as “Open Line” or “Help Line” receive about 23
calls per 1,000 employees each year. The difference is that names
such as Hotline and Alert Line give the impression that they are
911-like, emergency-only services, while names such as Open Line and
Help Line give the impression that they provide mentoring
services.

Follow-up of anonymous fraud reports

SOX requires audit committees of publicly traded companies to
provide a whistleblowing option so that employees can anonymously
report fraud. Typically, the board of directors’ audit committee and
corporate internal audit department work together to follow up on
complaints. Although it’s not required, private companies of all sizes
should consider offering an option to encourage internal whistleblowing.

Numerous studies have found that employees are more likely to report
fraud if they can do so anonymously because this minimizes concerns
about retaliation and other negative consequences. But audit committee
members viewed anonymous reports as less credible and were less
willing to allocate resources to these reports (compared to
nonanonymous reports), according to a study published in the
Journal of Management Studies. A study of 84 chief audit
executives (and deputy chief audit executives) revealed similar
findings, according to an article published in the journal
Behavioral Research in Accounting.

What can companies do?Companies should ensure that anonymous reports are not brushed
aside as not credible. Internal auditors should be required to follow
standardized steps to investigate both anonymous and nonanonymous
complaints. These steps include:

Log the claim in a case management system.

Determine
if an investigation is warranted.

Determine the appropriate
employees to interview.

Draft a preliminary report.

Implement procedures to prevent future issues.

Communicate any policy changes in an internal corporate
newsletter.

People investigating the complaints should be accountable to
superiors who review the steps taken in the investigation. On a
regular basis (quarterly, monthly, etc.) the audit committee should be
presented with all complaints received, regardless of whether they are
anonymous. However, should the audit committee members ask for more
specifics (and they will for some of the complaints), transparency is
an obligation, and no information should be withheld. For example, the
audit committee could receive a list of all whistleblowing allegations
with a summary of what the investigations into each allegation
revealed. However, the list would not indicate whether each complaint
was anonymous.

Conclusions

Methods aimed at improving corporate whistleblowing are effective
only in organizations where senior management supports and champions
the whistleblower. Through continual training, management can create
an environment where employees feel encouraged and supported to report
fraud. Numerous studies have found that employees are more likely to
internally blow the whistle when they believe that the corporation
will act on the information and not retaliate against the
whistleblower. Additionally, recent research has found that internal
fraud reports increased when peers supported whistleblowing. Routine
internal communications via email and e-newsletters that inform
employees about internal investigations and the importance of ethical
decision-making can help management create an environment in which
employees are comfortable coming forward with information.

Executive Summary

Some fraud-reporting programs actually discourage employees from
reporting fraud. Program implementation is essential to
producing an increase in fraud reporting.

Organizations should ask employees annually or quarterly whether
they are aware of potential fraud. This communication can be
done through an online interface and reminds employees that it’s
everyone’s responsibility to report wrongdoing.

Organizations using third-party administrators to run hotlines need
to convey to employees that the hotline is the organization’s
preferred way to report fraud. Employees are less likely to
report fraud to a system that is viewed as “outside” the organization.

Organizations should use a name such as “Open Line” or “Help Line”
as opposed to a name such as “Hotline” or “Alert Line.” Call-in
lines with names that give the impression of being emergency-only
lines generate far fewer calls than those with names that seem more welcoming.

Organizations need to institute policies that ensure that anonymous
fraud tips are not brushed aside. A good way to do this is by
establishing standardized steps to follow when investigating anonymous
and nonanonymous complaints.

Janet A. Samuels (janet.samuels@thunderbird.edu)
is an assistant professor at Thunderbird School of Global Management
in Glendale, Ariz., and Kelly Richmond Pope (kpope2@depaul.edu) is an
associate professor of accounting in the Driehaus College of
Business at DePaul University in Chicago.

To comment on this article or to suggest an idea for another
article, contact Jeff Drew, senior editor, at jdrew@aicpa.org or 919-402-4056.

For more information or to make a purchase or register, go to cpa2biz.comor call the Institute at 888-777-7077.

FVS Section and CFF credential

Membership in the Forensic and Valuation Services (FVS) Section
provides access to numerous specialized resources in the forensic and
valuation services discipline areas, including practice guides and
exclusive member discounts for products and events. Visit the FVS
Center at aicpa.org/FVS. FVS Section members can access
fraud-related tools and products in the Fraud Resource Center at tinyurl.com/blc37ox. Members with a specialization
in financial forensics may be interested in applying for the Certified
in Financial Forensics (CFF) credential. Information about the CFF
credential is available at aicpa.org/CFF.

The results of the 2016 presidential election are likely to have a big impact on federal tax policy in the coming years. Eddie Adkins, CPA, a partner in the Washington National Tax Office at Grant Thornton, discusses what parts of the ACA might survive the repeal of most of the law.

Even as the IRS reported on success in reducing tax return identity theft in the 2016 season, the Service also warned tax professionals about yet another email phishing scam. See how much you know about recent news with this short quiz.